【发布时间】:2021-01-15 04:33:47
【问题描述】:
我的网络应用中有一个payment gateway,需要SSL 证书才能正常工作。
网络应用程序是托管在pythonanywhere 的 django 网络应用程序。我使用他们的Auto-renewing Let's Encrypt certificate 添加了 SSL 证书并使网站加载为HTTPS 网站。
该网站现在加载为 HTTPS 网站,但在退出支付网关时,我仍然收到如下隐私错误
Your connection is not private
Attackers might be trying to steal your information from <my domain> (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
我不知道我做错了什么
[EDIT-1]
- 我正在使用从 GoDaddy 购买的自定义域
- 我按照link 设置 SSL 证书
- 我还在 pythonanywhere 中启用了forcing-https。
- 我将视图中的回调 url 从
http://<my_domain>.org/payment/status/更改为https://<my_domain>.org/payment/status/ - 回调 url 页面不包含任何 http 链接。只是一个css文件如下
<link rel="stylesheet" href="{% static 'css/paymentstatus.css' %}">
请注意,当我访问该网站时,它显示为https。只有在调用回调 URL 时才会返回 Privacy 错误。
当我在本地系统中使用ngrok 进行尝试时,我没有遇到此错误。仅pythonanywhere 会出现此错误。
[EDIT-2]
nslookup mydomain.org
▶ nslookup mydomain.org
Server: 2405:201:e011:3804::c0a8:1d01
Address: 2405:201:e011:3804::c0a8:1d01#53
Non-authoritative answer:
Name: mydomain.org
Address: IP_ADDRESS
dig mydomain.org
▶ dig mydomain.org
; <<>> DiG 9.10.6 <<>> mydomain.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8056
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mydomain.org. IN A
;; ANSWER SECTION:
mydomain.org. 225 IN A IP_ADDRESS
;; Query time: 2 msec
;; SERVER: 2405:201:e011:3804::c0a8:1d01#53(2405:201:e011:3804::c0a8:1d01)
;; WHEN: Fri Jan 15 14:18:23 IST 2021
;; MSG SIZE rcvd: 51
[EDIT-3]
我将网址从 https://<my_domain>.org/ 更改为 https://www.<my_domain>.org/。这会导致 404 错误。我在下面添加了views.py和url.py
views.py
def donate(request):
if request.method == "POST":
form = DonateForm(request.POST)
name = request.POST.get('firstName')
phone = request.POST.get('phone')
email = request.POST.get('email')
amount = float("{0:.2f}".format(int(request.POST.get('amount'))))
ord_id = OrdID()
cust_id = CustID()
paytm_params = {
"MID" : MERCHANTID,
"WEBSITE" : "DEFAULT",
"INDUSTRY_TYPE_ID" : "Retail",
"CHANNEL_ID" : "WEB",
"ORDER_ID" : ord_id,
"CUST_ID" : cust_id,
"MOBILE_NO" : phone,
"EMAIL" : email,
"TXN_AMOUNT" : str(amount),
"CALLBACK_URL" : "https://www.<my_domain>.org/payment/status/",
}
paytm_params['CHECKSUMHASH'] = Checksum.generate_checksum(paytm_params, MERCHANTKEY)
if form.is_valid():
form.save()
return render(request, 'paytm.html', {'paytm_params': paytm_params})
else:
form = DonateForm()
context = {'Donate': form}
return render(request, 'donate.html', context=context)
@csrf_exempt
def handlerequest(request):
if request.method == "POST":
form = request.POST
response_dict = {}
for i in form.keys():
response_dict[i] = form[i]
if i == 'CHECKSUMHASH':
checksum = form[i]
print(checksum)
verify = Checksum.verify_checksum(response_dict, MERCHANTKEY, checksum)
if verify:
if response_dict['RESPCODE'] == '01':
print('order successful')
else:
print('error: ' + response_dict['RESPMSG'])
return render(request, 'paymentstatus.html', {'response': response_dict})
urls.py
urlpatterns = [
...
path('donate', views.donate, name='donate'),
path('payment/status', views.handlerequest, name='handlerequest'),
...
]
[解决方案]
首先www. 到网址,因为答案表明这是问题所在。 404错误就这样解决了。
原来视图中的路径和 urls 中的路径应该相同。这为我解决了这个问题。
def donate(request):
...
paytm_params = {
"MID" : MERCHANTID,
"WEBSITE" : "DEFAULT",
"INDUSTRY_TYPE_ID" : "Retail",
"CHANNEL_ID" : "WEB",
"ORDER_ID" : ord_id,
"CUST_ID" : cust_id,
"MOBILE_NO" : phone,
"EMAIL" : email,
"TXN_AMOUNT" : str(amount),
"CALLBACK_URL" : "https://www.<my_domain>.org/payment/status",
...
urls.py
urlpatterns = [
...
path('donate', views.donate, name='donate'),
path('payment/status', views.handlerequest, name='handlerequest'),
...
]
请注意,urls.py 中的路径如下payment/status。以前在视图中,路径末尾有一个斜杠,例如https://www.<my_domain>.org/payment/status/。最后删除斜线对我有用。
【问题讨论】:
-
请打破它,你是如何设置让我们加密服务的?以及您使用的网络服务器!
-
@AhmedShehab 我已经编辑了这个问题。请看一下。再次感谢
-
如果您从非 https 的外部源加载任何图像或 svg,请检查您的静态文件
-
顺便说一句,您在支付提供商的仪表板中错误配置了一些参数可能很简单,请重新配置。
-
尝试从pythonanywhere关闭强制https并再次测试!
标签: python ssl https payment-gateway pythonanywhere